
[__recycledcloud_nginx*] add support for alternative domains

Timothée Floure 2021-02-19 09:30:01 +01:00
parent 26b7b9651a
commit 1173805f7d
Signed by: tfloure
GPG key ID: 4502C902C00A1E12
8 changed files with 44 additions and 7 deletions


@ -21,6 +21,13 @@ config
Custom NGINX logic, templated within a standard `server` section with
`server_name` and TLS parameters set. Defaults to simple static hosting.
altdomains
Alternative domain names for this vhost and related TLS certificate.
uacme-hookscript
Custom hook passed to the __uacme_obtain type: useful to integrate the
dns-01 challenge with third-party DNS providers.
AUTHORS
-------
Timothée Floure <timothee.floure@posteo.net>


@ -23,9 +23,22 @@ else
domain="${__object_id:?}"
fi
altdomains=
if [ -f "${__object:?}/parameter/altdomains" ];
then
altdomains="$(cat "${__object:?}/parameter/altdomains")"
fi
set_custom_uacme_hookscript=
if [ -f "${__object:?}/parameter/uacme-hookscript" ];
then
uacme_hookscript="$(cat "${__object:?}/parameter/uacme-hookscript")"
set_custom_uacme_hookscript="--hookscript $uacme_hookscript"
fi
# Deploy simple HTTP vhost, allowing to serve ACME challenges.
__recycledcloud_nginx_vhost "301-to-https-$domain" \
--domain "$domain" --to-https
--domain "$domain" --altdomains "$altdomains" --to-https
# Obtaining TLS cert.
cert_ownership=$nginx_user
@ -34,8 +47,12 @@ if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
fi
__uacme_account
# shellcheck disable=SC2086
require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
__uacme_obtain "$domain" --owner $cert_ownership \
__uacme_obtain "$domain" \
--altdomains "$altdomains" \
$set_custom_uacme_hookscript \
--owner "$cert_ownership" \
--install-key-to "$nginx_certdir/$domain/privkey.pem" \
--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
--renew-hook "service nginx reload"
@ -52,7 +69,8 @@ if [ -f "${__object:?}/parameter/config" ]; then
cat "$nginx_logic" > "${__object:?}/files/config"
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
--config "${__object:?}/files/config"
--altdomains "$altdomains" --config "${__object:?}/files/config"
else
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain"
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
--altdomains "$altdomains"
fi
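Review bot: `$set_custom_uacme_hookscript` is expanded unquoted in the `__uacme_obtain` call, so a hookscript path containing whitespace or glob characters is split or expanded into extra arguments, and the new `# shellcheck disable=SC2086` hides the problem instead of fixing it. Assuming the manifest does not otherwise use its positional parameters, the optional flag can be carried there: `set --` before the `if`, `set -- --hookscript "$uacme_hookscript"` inside it, and `"$@" \` in place of the unquoted variable, after which the shellcheck directive can be dropped. Separately, `--altdomains "$altdomains"` is passed on all four calls even when the parameter is unset; whether `__uacme_obtain` and `__recycledcloud_nginx_vhost` accept an empty value is not visible here, so either confirm that or pass the flag only when `$altdomains` is non-empty.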


@ -1,3 +1,5 @@
config
domain
altdomains
uacme-hookscript
force-cert-ownership-to


@ -10,7 +10,7 @@ cat <<- EOF
EOF
# Name
echo "server_name ${DOMAIN:?};"
echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
# ACME challenges.
cat << EOF
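Review bot: `$ALTDOMAINS` is written into the `server_name` directive verbatim, so a value containing `;`, `{`, `}` or `#` ends the directive early and places arbitrary text into the generated nginx configuration; the identical line in the second template (next file section) has the same issue. If only plain or wildcard hostnames are intended, reject anything else where the parameter is read in the vhost manifest, before `export ALTDOMAINS`, for example `case "$ALTDOMAINS" in *[!A-Za-z0-9.\ *-]*) echo "invalid altdomains" >&2; exit 1;; esac`. The same string is also handed to `__uacme_obtain --altdomains`, so the check protects the certificate request as well. The surrounding here-documents start and end outside this hunk.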


@ -10,7 +10,7 @@ cat <<- EOF
EOF
# Name
echo "server_name ${DOMAIN:?};"
echo "server_name ${DOMAIN:?} $ALTDOMAINS;"
# ACME challenges.
cat << EOF


@ -52,6 +52,9 @@ lport
The port to which we listen. If this is omitted, the defaults of `80` for
HTTP and `443` for HTTPS are used.
altdomains
Alternative domain names for this vhost.
BOOLEAN PARAMETERS
------------------


@ -63,6 +63,13 @@ else
fi
export DOMAIN
ALTDOMAINS=
if [ -f "${__object:?}/parameter/altdomains" ];
then
ALTDOMAINS="$(cat "${__object:?}/parameter/altdomains")"
fi
export ALTDOMAINS
# Use TLS ?
if [ -f "${__object:?}/parameter/no-tls" ];
then


@ -1,3 +1,3 @@
domain
lport
config
altdomains